Changeset 281384 in webkit


Ignore:
Timestamp:
Aug 21, 2021, 6:33:10 PM (3 years ago)
Author:
[email protected]
Message:

IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
https://bugs.webkit.org/show_bug.cgi?id=229375

Source/WebCore:

Reviewed by Brady Eidson.

Client may dispatch custom events to an IDBRequest, and we should only change request state based on events
created internally.

  • Modules/indexeddb/IDBRequest.cpp:

(WebCore::IDBRequest::dispatchEvent):

Source/WTF:

Protect callee in CrossThreadTask if it inherits from ThreadSafeRefCounted<T>.

Reviewed by Brady Eidson.

  • wtf/CrossThreadTask.h:
Location:
trunk/Source
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WTF/ChangeLog

    r281318 r281384  
     12021-08-21  Sihui Liu  <[email protected]>
     2
     3        IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
     4        https://bugs.webkit.org/show_bug.cgi?id=229375
     5
     6        Protect callee in CrossThreadTask if it inherits from ThreadSafeRefCounted<T>.
     7
     8        Reviewed by Brady Eidson.
     9
     10        * wtf/CrossThreadTask.h:
     11
    1122021-08-20  Mark Lam  <[email protected]>
    213

  • trunk/Source/WTF/wtf/CrossThreadTask.h

    r278179 r281384  
    8888}
    8989
    90 template<typename T, typename std::enable_if<std::is_base_of<ThreadSafeRefCounted<T>, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
     90template<typename T, typename std::enable_if<std::is_base_of<ThreadSafeRefCountedBase, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
    9191CrossThreadTask createCrossThreadTask(T& callee, void (T::*method)(Parameters...), const Arguments&... arguments)
    9292{
     
    9696}
    9797
    98 template<typename T, typename std::enable_if<!std::is_base_of<ThreadSafeRefCounted<T>, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
     98template<typename T, typename std::enable_if<!std::is_base_of<ThreadSafeRefCountedBase, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
    9999CrossThreadTask createCrossThreadTask(T& callee, void (T::*method)(Parameters...), const Arguments&... arguments)
    100100{

  • trunk/Source/WebCore/ChangeLog

    r281382 r281384  
     12021-08-21  Sihui Liu  <[email protected]>
     2
     3        IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
     4        https://bugs.webkit.org/show_bug.cgi?id=229375
     5
     6        Reviewed by Brady Eidson.
     7
     8        Client may dispatch custom events to an IDBRequest, and we should only change request state based on events
     9        created internally.
     10
     11        * Modules/indexeddb/IDBRequest.cpp:
     12        (WebCore::IDBRequest::dispatchEvent):
     13
    1142021-08-21  Zalan Bujtas  <[email protected]>
    215

  • trunk/Source/WebCore/Modules/indexeddb/IDBRequest.cpp

    r280053 r281384  
    309309        targets = { this, m_transaction.get(), &m_transaction->database() };
    310310
    311     m_hasPendingActivity = false;
     311    if (event.isTrusted())
     312        m_hasPendingActivity = false;
    312313
    313314    {
Note: See TracChangeset for help on using the changeset viewer.